Exam CAS-004 topic 1 question 552 discussion

o Impossible travel and brute-force attacks: These indicate a potential compromise of user accounts, allowing attackers to access systems from unusual locations and attempt to gain access with brute-force password attempts. o Data transfer to an unknown site: This further confirms malicious activity where the attacker is trying to exfiltrate sensitive data to an unauthorized location. o Direct mitigation: By restricting uploading activity to only authorized sites, the security team can prevent the attacker from transferring data to unknown locations, effectively stopping the data exfiltration attempt.

B. Restrict uploading activity to only authorized sites. This is a proactive and effective way to mitigate the risk of data exfiltration. By restricting uploading activities to trusted sites, you can prevent users from uploading data to unknown or malicious sites, effectively blocking the attempted data transfer.

From my perspective there is not a correct choice. It is reasonable to conclude that those users were compromised based on the indicators provided. Immediate Response: that should be taken: • Account Lockdown: Temporarily disable the affected user accounts to prevent further unauthorized access. • Password Reset: Force a password change for the compromised accounts and ensure that new passwords are strong and unique. • Multi-Factor Authentication (MFA): Implement or enforce MFA for all user accounts to add an additional layer of security beyond just passwords. If the users were not compromised I would choose: B. Restrict uploading activity to only authorized sites. But again, the description "attempts were made to transfer data to an unknown site" shows that the users were compromised.